Friday, November 30, 2012

It’s no secret that browser add-ons bring us joy by increasing productivity and enhancing our overall internet experience, but not all add-ons are built with good intentions.

Cybercriminals have been known to push malicious browser add-ons that inject ads into websites or post spam on social network accounts.

More recently, Symantec researchers found that evil-doers have been spreading malicious browser add-ons that will redirect users to phishing websites whenever they type the URL of a legitimate site into their address bar.

These rogue add-ons are served from a phishing website mimicking the look & feel of a popular e-commerce website, complete with a typo-squatted domain and all.

The spoofed e-commerce website detects the user’s browser upon visit and prompts them to install the add-on for their particular browser. If the end-user chooses to install the add-on, it will modify the hosts file located in the Windows System32 directory, assigning the domain names of well-known companies to IP addresses of phishing websites.

For the uninitiated, Symantec explains that “when a user enters a website URL in the browser address bar, it checks the local DNS information, such as the hosts file, before sending a DNS query to the Internet.” That means if you type the web address for a website that’s been re-assigned using the hosts file, you’ll be directed to the phishing website instead of the legitimate one.

Fortunately Symantec says that the phishing site pushing the add-on has been taken offline, but another can easily pop-up elsewhere. Therefore, users are urged to remain vigilant and proceed with caution when installing software on their computer, even browser add-ons.

Browser Add-on Safety Tips

Use your browser’s built-in mechanism or visit the official add-on markets for Firefox, IE, Chrome, etc. to browse & install available add-ons.

Check the number of downloads, add-on rating, and user reviews for any red flags before downloading.